Chief Security Officer Deputy

Americas

Applications have closed

Ivanti

Ivanti finds, heals and protects every device, everywhere – automatically – so employees can work better from anywhere.

Position Title: Chief Security Officer Deputy

General Purpose: The Chief Security Officer Deputy is responsible for the organization's Security Programs as directed by the CSO, including but not limited to: daily operations of the IT security program; oversight of the annual and ongoing risk assessment process; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity and access of electronic protected information; monitoring program compliance; and investigation and tracking of incidents and breaches, in compliance with federal and state laws.

Responsibilities:

  • Assist in building a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled, and processed within the organization.
  • Actively participate in activities that facilitate and promote a culture of cyber security within the organization and that drive security awareness and behavioral changes for the business.
  • Assist with the design and development of business-appropriate security controls, implementing defense-in-depth and demonstrating strong decision making for implemented people, process, and technology controls.
  • Ensure that the disaster recovery, business continuity, and risk management requirements of the business are addressed.
  • Collaborates with Ivanti’s General Counsel, Data Protection Officer, and key business leadership to establish governance for the security program.
  • Works closely with the DPO to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and acts as a liaison to the information systems and compliance departments.
  • Is responsible for participating in periodic information security risk assessment/analysis, mitigation, and remediation. Responsible for development and implementation of security risk management plan as directed by the CSO.
  • Assist the CSO with developing security governance, policy, and strategy that is consistent with the business objectives and threat landscape.
  • Participates in the development, implementation, and ongoing compliance monitoring of all BAs and business associate agreements, to ensure security concerns, requirements, and responsibilities are addressed.
  • Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach.
  • Partners with Human Resources and DPO to ensure consistent sanctions for security violations.
  • Maintains current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
  • Serves as information security consultant to all departments for all data security related issues.
  • Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
  • Meet with customers to understand their security needs and clearly communicate our security posture and controls to them.
  • Assist with the personal and professional development of Information Security Personnel.

Qualifications:

  • Minimum baccalaureate degree in Information Systems or a related Cyber Security field.
  • Strong understanding of the threat landscape, including how security controls combat specific threats.
  • Knowledge and experience in US federal, US State, and international information security and privacy laws and regulations, including but not limited to HIPAA, PCI, GDPR, CCPA, BSIG, etc.
  • Knowledge and experience in working with common security frameworks, including NIST, CIS, SOC 2, ISO 27001/2, CSF, etc.
  • Experience in working with external certifying auditors.
  • Industry certifications such as CISSP and CISA, preferred.
  • Demonstrated strong verbal and written communication skills for communicating with both highly technical team members and business stakeholders.
  • Demonstrated organization, facilitation, written and oral communication, and presentation skills.
  • A high level of integrity and trust.

Tags: CCPA CISA CISSP Compliance GDPR Governance HIPAA ISO 27001 Monitoring NIST Privacy Risk assessment Risk management SOC 2 Strategy Vulnerabilities

Perks/benefits: Career development Team events

Region: North America
Category: Leadership Jobs
